diff options
author | Jeremy Allison <jra@samba.org> | 2009-06-16 13:17:24 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-06-16 13:17:24 -0700 |
commit | cbb55b34e27b3927f4fb05e47cd8c19828553b6a (patch) | |
tree | 194b6ee57becbe11d88a38cdd300d3109f41b69d | |
parent | 29b8e08b83eeb0ab7d33bf46981cdbad8c35dc9b (diff) | |
download | samba-cbb55b34e27b3927f4fb05e47cd8c19828553b6a.tar.gz samba-cbb55b34e27b3927f4fb05e47cd8c19828553b6a.tar.bz2 samba-cbb55b34e27b3927f4fb05e47cd8c19828553b6a.zip |
_lsa_EnumAccountRights and _lsa_EnumPrivsAccount can return an
empty set of privilages if the SID doesn't have any.
(From [MS-LSAD.pdf])
Jeremy.
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f434cfa9a4..8773c29350 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1672,23 +1672,22 @@ NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, if (!(info->access & LSA_ACCOUNT_VIEW)) return NT_STATUS_ACCESS_DENIED; - if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) ) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + get_privileges_for_sids(&mask, &info->sid, 1); privilege_set_init( &privileges ); + priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet); + if (!priv_set) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + if ( se_priv_to_privilege_set( &privileges, &mask ) ) { DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n", sid_string_dbg(&info->sid), privileges.count)); - priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet); - if (!priv_set) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_LUIDAttribute, privileges.count); @@ -1707,11 +1706,14 @@ NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, priv_set->unknown = 0; priv_set->set = luid_attrs; - *r->out.privs = priv_set; } else { - status = NT_STATUS_NO_SUCH_PRIVILEGE; + priv_set->count = 0; + priv_set->unknown = 0; + priv_set->set = NULL; } + *r->out.privs = priv_set; + done: privilege_set_free( &privileges ); @@ -2150,20 +2152,16 @@ NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, sid_copy( &sid, r->in.sid ); - if ( !get_privileges_for_sids( &mask, &sid, 1 ) ) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + get_privileges_for_sids(&mask, &sid, 1); privilege_set_init( &privileges ); - if ( se_priv_to_privilege_set( &privileges, &mask ) ) { + se_priv_to_privilege_set(&privileges, &mask); - DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n", - sid_string_dbg(&sid), privileges.count)); + DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n", + sid_string_dbg(&sid), privileges.count)); - status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges); - } else { - status = NT_STATUS_NO_SUCH_PRIVILEGE; - } + status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges); privilege_set_free( &privileges ); |